Recently joined an org that uses Commvault for SQL backups. The IT team says that Commvault needs to be in the sysadmin role to back up SQL databases. Does any one have experience of this and know exactly what permissions the Windows account needs in MSSQL to do backup and restore ?
I added the Windows account created for back ups as a login to the SQL instance. It is only in public Role. Then I added the login as a user to the Database to test backup process. Then I gave the user db_backupoperator role.
Commvault gives the following error :
Description: Error encountered during backup. Error: [ERROR: [Microsoft][ODBC SQL Server Driver][SQL Server]The login has insufficient authority. Membership of the sysadmin role is required to use VIRTUAL_DEVICE with BACKUP or RESTORE. [Microsoft][ODBC SQL Server Driver][SQL Server]BACKUP DATABASE is terminating abnormally. ]
Am I alone in thinking that is is absolutely ridiculous that it claims it needs the sysadmin role ? I have never used Commvault, only the native SQL tools. The argument here is that Commvault gives centralized control and compression. I am using MSSQL 2008, so I can argue that compression is no longer a disadvantage using native tools.
The problem as I see it is that it creates a massive security issue. The organization wants the IT team to control backups. But I do not want to give them a user the has control and access to every Database. Some of the information we have is very sensitive, and there have been breaches in the past where info (payroll salary info) has been publicized. Part of brief is to tighten up security around the Databases.
Does any one have any advice before I throw my toys about Commvault ? Maybe it can work without sysadmin but different permissions from those I have given ?